Why Customers Choose Signal Sciences

Brendon Macaraeg is Director of Product Marketing at Signal Sciences. Previously with CrowdStrike and Symantec, he focused on evangelizing and marketing security offerings. Outside of work, Brendon keeps busy with his wife and kids enjoying outdoor activities.

We ask our customers early and often why they chose us as their next-gen WAF and RASP technology of choice. Here are ten main reasons we hear across the board, and you can read the full white paper to dive in deeper:

1. Flexible deployment options for any architecture—now and in the future

Whether you’re using Amazon Web Services (AWS), Microsoft Azure, Google Cloud, some combination, or something altogether different, with Signal Sciences you gain visibility and protection wherever your apps, APIs, and microservices live—and in whatever language they’re written in, from PHP and Python to Ruby and Go. And to protect legacy applications, Signal Sciences can operate as a reverse proxy.

2. Automated blocking that scales without rules tuning

Legacy WAFs require a learning mode and constant signature tuning to rule out false positives while blocking rules are completely turned off for fear of breaking the application. But we’re able to use SmartParse, our proprietary detection method designed to make instantaneous, highly accurate decisions in line to determine with high accuracy if there are malicious or anomalous payloads present in requests. This approach virtually eliminates false positives so you can scale protection without dealing with the maintenance overhead that legacy WAFs require.

3. Instruments and protects your apps without breaking them

Signal Sciences takes a threshold approach to blocking so you can run our solution in full, automated blocking mode in production with virtually no false positives: 95% of our customers trust us to do just that. With threshold blocking, we don’t make a decision on each request like other legacy WAFs and RASP products, but we instead look at suspicious payloads over time and with context to determine whether an actual attack is occurring. Our patented approach analyzes over 200 billion weekly production requests with no noticeable performance impact on the applications and APIs we help our customers protect.

4. Identifies and blocks bots and scrapers to protect your resources

Attackers use automation and botnets to acquire valuable data, especially from content rich sites in media, e-commerce, and technology businesses. With Power Rules, you can enable rate-limiting rules around abusive behavior like content scraping and eliminate serving up content and resources to malicious users, potentially saving on infrastructure costs. And the same threshold-based approach can prevent malicious automated attacks via bots deployed to perpetrate application DDoS and account takeovers.

5. Guides engineers to fix the right things

Engineers never have a shortage of bugs to fix, but the challenge is understanding which ones to prioritize. Signal Sciences provides clear reports and self-service data on the most common attack types and targets to help your teams focus on what exactly is under attack. Engineering and Security managers use this real-time data to best utilize their resources, including what types of training needs to be reinforced depending on the attack tactics used against their apps and APIs in production.

6. Brings Dev and Ops to the Security Party with actionable data

Aligning security, dev and ops teams is crucial for all three groups to understand the requirements of security in the development lifecycle—before issues arise that impact you and your bottom line. Signal Sciences shows all stakeholders how requests are impacting their app or service with data around application attacks, anomalies, and behavior. This data is reported out via customizable dashboards and APIs, along with the toolchain products your teams are already using.From SIEMs like Splunk and Sumo Logic, to REST/JSON APIs and webhooks, to common DevOps tools like Slack and Jira— we have you covered.

Signal Sciences can identify and block OWASP Top 10 and unique threats specific to your application’s business logic while providing actionable data and alerts to your devops and security teams.

7. Defends mobile apps with the same powerful capabilities

Since mobile applications rely on APIs to transfer critical data from application servers, Signal Sciences provides you visibility by installing after the traffic is decrypted at the web server or code layer. With Power Rules, you can monitor any business logic that is unique to your mobile application. Signal Sciences also defends the authentication flows in any mobile app by detecting and blocking requests from known bad IPs that abuse authentication events like account creation, password reset, or other brute force or account takeover attempts.

8. Addresses vulnerabilities with virtual patching

Software creates new vulnerabilities that attract attackers like bees to honey as they unleash payloads to exploit the weaknesses: you need proactive defense against attacks to buy time while fixing the underlying systems. This is exactly what Signal Sciences provides through virtual patching enabled by Power Rules: you can apply virtual patches that address various Common Vulnerability and Exposures (CVEs) and immediately block requests containing the CVE exploit.

9. Provides Operations with data to ensure site uptime and performance

We built our agent to expose metrics that operations teams rely on, from CPU and memory usage to how much delay the agent adds to each request (no more than one to three milliseconds). We also built our API so these metrics pull into the systems your operations teams already use. Other WAF and RASP vendors don’t have APIs for these metrics, and provide little detail in their UI, while a few document 2X latency on the roundtrip from request to decision.

Putting a WAF at the network edge made sense to many operations engineers since that’s where cached content is utilized to remove the load from web and application servers. But our customers have requested more specific application-level attack and behavior detail than what CDN WAFs were designed to provide. Because Signal Sciences installs at the server- and code-level and provides instrumentation at the application layer, we can augment CDN WAFs and identify and block unique threats they cannot. This method safely provides a feedback loop to developers and DevOps engineers without requiring everyone in the engineering team have direct access to the CDN console.

These ten capabilities are essential to ensuring that a web application security solution meets the needs of modern development, operations and security teams so they can iterate and release software quickly and secure them.